On Sun, 03 Apr 2005 01:38:03 -0500 Dave Cinege <dcinege-mlists-dated-1112942287.e58b6f@xxxxxxxxxxxxx> wrote:

> Herein lies the problem. When an unauthorized host first hits port 53 and is
> redirected to 5353 a UDP connection track stream is tacked up. Once they
> become authorized their 'ACCEPT' rule is inserted, however the original
> 53->5353 REDIRECT stream is still alive, and will continue to be used until
> it times out. During this time the host is dead in the water with no 'real'
> DNS.

Let's say your existing ethernet device is eth0. Is it possible to physically add a second ethernet device, say eth1? Then you could route everything from eth0 to eth1 and put the dummy redirections on eth1. Then whenever you want to override the dummy redirections you insert iptables rules on eth0.

I've never tried anything like this and am totally guessing, so I could be (am probably) way off track, but anyway :)
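The setup Dave describes (a nat-table REDIRECT of port 53 to a dummy resolver on 5353, with a per-host ACCEPT inserted ahead of it once the host is authorized) and the stale-conntrack problem he hits, written out as an added example that is not code from either poster. It assumes a Linux box with iptables, the nat table and conntrack-tools (the `conntrack` command, which was not mentioned in the thread); the interface name eth0, the chain name DNS_AUTH and the sample address 10.0.0.5 are assumptions. The point it shows beyond the thread is that inserting the ACCEPT rule is not enough on its own: the existing 53->5353 NAT mapping lives in the conntrack entry, so that entry has to be deleted for the host's next query to reach a real resolver.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Assumes: Linux, iptables with the nat table, and conntrack-tools ("conntrack").
# LAN_IF, DUMMY_DNS_PORT and the DNS_AUTH chain name are assumptions.
LAN_IF="${LAN_IF:-eth0}"
DUMMY_DNS_PORT=5353

# Baseline: every host on the LAN that is not yet authorized has its UDP/53
# queries redirected to the local dummy resolver on DUMMY_DNS_PORT.
# Functions emit the commands one per line so they can be inspected or applied.
baseline_rules() {
    printf '%s\n' \
        "iptables -t nat -N DNS_AUTH" \
        "iptables -t nat -A PREROUTING -i $LAN_IF -p udp --dport 53 -j DNS_AUTH" \
        "iptables -t nat -A DNS_AUTH -j REDIRECT --to-ports $DUMMY_DNS_PORT"
}

# Authorize one host. Order matters:
#  1. the ACCEPT is inserted at position 1 of DNS_AUTH so it matches before
#     the REDIRECT for every *new* connection from that host;
#  2. the host's existing UDP/53 conntrack entries are deleted, because the
#     53->5353 NAT mapping is stored on the conntrack entry and would otherwise
#     keep being applied until the UDP entry times out (the failure mode in
#     the thread). Only new conntrack entries consult the nat table again.
authorize_rules() {
    host="$1"
    # The commands are later passed to eval, so only accept a plain IPv4 address.
    case "$host" in
        ""|*[!0-9.]*) echo "authorize_rules: bad IPv4 address: '$host'" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "iptables -t nat -I DNS_AUTH 1 -s $host -j ACCEPT" \
        "conntrack -D -p udp -s $host --dport 53"
}

# Read commands on stdin, echo each one, then execute it (needs root).
run_rules() {
    while read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

case "${1:-}" in
    up)        baseline_rules | run_rules ;;
    authorize) authorize_rules "$2" | run_rules ;;
    "")        ;;   # no argument: only define the functions (e.g. when sourced)
    *)         echo "usage: $0 up | authorize <ipv4-address>" >&2; exit 2 ;;
esac
```

Run `sh dns-auth.sh up` once at boot and `sh dns-auth.sh authorize 10.0.0.5` when a host is authorized. Without the `conntrack -D` step the host stays on the dummy resolver until its UDP conntrack entry expires, which is exactly the window Dave describes; a TCP/53 redirect would need the same treatment, with `-p tcp`, and authorization via `-D` of the ACCEPT rule should likewise be followed by deleting the host's conntrack entries so the un-redirected stream does not outlive the rule.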